Category FILE
Started On 2017-10-11 14:17:48
Completed On 2017-10-11 14:28:03
Duration 615 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2017-10-11 14:17:49
Shutdown On 2017-10-11 14:28:03

File Details

File name achiang31_malware2.exe
File size 95744 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 B324BFE1
MD5 7d26e72c63a88d775534cf539c757af3
SHA1 928905f2588007b66453b82521c85335d5629a40
SHA256 8a0ea1025294ac2cac868fa0bfde0075648931d22a4cdd6ab04daa5fe9b52275
SHA512 da26d31ba117fad96e887eadbe093b36d1033c1d66df07fd78e7b000d9dc19b6f3935852607646ddd530607baca77e071858fdc8c07f1b5b77109f893f4e1989
Ssdeep 1536:21eOmsWjcdW3j3eiBiKciHzkLIED7j579Z8iSikh2PlEmc8+a4k/U:SeOJWT3e8ciHzEp9ZuiZc8F
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2017-09-29 14:52:59
Detection Rate: 40/64

Signatures

No signatures matched

Static Analysis

Sections

Imports

Strings

Dropped Files

achiang31_malware2.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\achiang31_malware2.exe
Mutexes
  • IPKillerClient
Registry Keys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Processes

achiang31_malware2.exe PID: 1936, Parent PID: 1856

iexplore.exe PID: 924, Parent PID: 1936

iexplore.exe PID: 1436, Parent PID: 924

Volatility

Nothing to display.